-
-
Notifications
You must be signed in to change notification settings - Fork 132
/
Copy pathChangeLog
1665 lines (907 loc) · 59 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2024-10-25 Matteo Corti <[email protected]>
* test/integration_tests.sh: Separated the badssl.com tests as they are often failing (no connection)
2024-10-16 Matteo Corti <[email protected]>
* check_ssl_cert (DEFAULT_REQUIRED_HTTP_HEADERS): removed X-Frame-Options from the list of required headers (is now deprecated)
2024-10-13 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): fix the validation of --url and --user-agent
2024-09-10 Matteo Corti <[email protected]>
* check_ssl_cert (check_option_argument): fixed a problem with | in the output
2024-07-11 Matteo Corti <[email protected]>
* check_ssl_cert (main): fetch HTTP headers for --debug-headers even if no header check is enabled
2024-04-01 Matteo Corti <[email protected]>
* check_ssl_cert (hours_until): refactored without return value
2024-03-17 Matteo Corti <[email protected]>
* check_ssl_cert (main): Included the patch from Adam Cécile for SNI support with nmap
2024-03-08 agibson https://github.com/agibson2
* check_ssl_cert: Fix problem where untrusted cert would still give error even with --ignore-incomplete-chain
* check_ssl_cert: Add --fingerprint-alg option to specify what alg to is used to specify with --fingerprint.
2024-02-26 vanElden https://github.com/vanElden
* check_ssl_cert: Add support to ignore unclean TLS shutdowns
2024-01-17 Matteo Corti <[email protected]>
* check_ssl_cert (append_warning_message): Removed the port in the error messages if we are checking a file
2024-01-14 Matteo Corti <[email protected]>
* check_ssl_cert: Added support for SIPS
2023-12-11 Matteo Corti <[email protected]>
* check_ssl_cert: Corrected a function name causing a crash with OCSP checks and -verbose
* check_ssl_cert: Better error message for curl errors
2023-11-30 Matteo Corti <[email protected]>
* check_ssl_cert: Added QUIC support
2023-11-21 Matteo Corti <[email protected]>
* check_ssl_cert (main): Support for LibreSSL and IP addresses
2023-11-27 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): allow uppercase protocols
2023-11-23 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added support for MQTTS
2023-11-21 Matteo Corti <[email protected]>
* check_ssl_cert (hours_until): do not complain if LONG_BIT is not available (OpenBSD)
2023-10-30 Matteo Corti <[email protected]>
* check_ssl_cert (info): --info output at the endw
2023-10-21 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added a check if --file is a directory
2023-09-27 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): Global elapsed time considered for the timeout
2023-09-13 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed an issue in the /etc/hosts parsing
2023-08-21 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): Fix for OpenSSL 1 and proxy
2023-08-16 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): Fixed the proxy settings by OCSP
* check_ssl_cert (fetch_certificate): Harmonize error messages from tinyproxy
* check_ssl_cert (check_attr): Critical if a ciphers check is required and a proxy is used
2023-08-10 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a bug in the proxy command line options validation
2023-07-28 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a bug if the host cannot be resolved and --resolve is specified
2023-07-19 Matteo Corti <[email protected]>
* check_ssl_cert (prepend_critical_message): Display the port number in the CRITICAL output (as for OK)
* check_ssl_cert (append_warning_message): Display the port number in the WARNING output (as for OK)
2023-06-13 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a bug in the debugging output of the connection check
2023-05-23 Matteo Corti <[email protected]>
* check_ssl_cert: Fixed the initialization order of OPENSSL and GREP_BIN because of the proxy check
2023-05-14 Matteo Corti <[email protected]>
* Added check_ssl_cert_icinga2.conf to the documentation check and distribution files. Added some missing options
2023-04-25 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixes the protocol used by nmap if the host is resolved with /etc/hosts
* check_ssl_cert (check_crl): Do not convert a CRL if already in the correct format
* check_ssl_cert (extract_cert_attribute): Removed a PCRE grep expression (non-standard)
2023-04-24 Matteo Corti <[email protected]>
* check_ssl_cert (main): Considers /etc/hosts for the existence checks
2023-04-21 Matteo Corti <[email protected]>
* test/unit_tests.sh (testFloatingPointThresholdsExpired): Added a test for decimal critical or warning values
and expired certificates
* check_ssl_cert (extract_cert_attribute): Fix CRL output format parsing
* check_ssl_cert (compare): Fixed a problem with decimal critical or warning values and expired certificates
2023-04-07 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed the resolution of hosts with IPv6 addresses only
2023-04-05 Matteo Corti <[email protected]>
* check_ssl_cert (main): Better (earlier) check for non-existing hosts
2023-04-03 Matteo Corti <[email protected]>
* test/integration_tests.sh (testWrongHostIgnore): Ignore expiration on wrong.host.badssl.com
2023-03-16 Matteo Corti <[email protected]>
* check_ssl_cert: unset TIMEOUT_REASON after the the context it should be used
* check_ssl_cert: added some more TIMEOUT_REASON messages
2023-03-09 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed the RSA algorithms
2023-03-06 Matteo Corti <[email protected]>
* check_ssl_cert: removed hard coded 'grep' invocations
2023-02-26 Matteo Corti <[email protected]>
* test/unit_tests.sh (testRequireOCSP): Fixed the test (videolan.org certificate was not OK)
2023-02-15 Matteo Corti <[email protected]>
* test/unit_tests.sh: Two new tests for wrong hostname
* check_ssl_cert (main): Fixes --ignore-host-cn behaviour with --match
2023-01-27 Matteo Corti <[email protected]>
* check_ssl_cert (main): System info debugging right at the beginning
2023-01-16 Matteo Corti <[email protected]>
* check_ssl_cert: Added an option to set the security level (see help)
* check_ssl_cert (fetch_certificate): better error handling
2023-01-05 Matteo Corti <[email protected]>
* check_ssl_cert (usage): Added an option to ignore header problems with --all and --all-local
2022-11-30 Marcel Burkhalter <[email protected]>
* check_ssl_cert (main): Add command line argument to set the PATH variable
2022-11-30 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): ignoring OCSP errors if specified from the command line
2022-10-24 Matteo Corti <[email protected]>
* check_ssl_cert (get_tds_certificate): Adding the timeout check on the TDS checks
2022-10-18 Matteo Corti <[email protected]>
* check_ssl_cert (main): Print the $PATH in debug mode
2022-10-06 Matteo Corti <[email protected]>
* check_ssl_cert: additional chain checks (no root attributes and handling of double certificates
* check_ssl_cert (check_attr): fixed a bug in the chain checks
2022-09-27 Matteo Corti <[email protected]>
* check_ssl_cert (main): if nmap is not found the plugin continues
* check_ssl_cert (parse_command_line_options): fixing an infinite loop (not shifting the command line arguments)
2022-09-24 Matteo Corti <[email protected]>
* check_ssl_cert (add_unrequired_header): Fixing #413
2022-09-23 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): use only integers for the certificate max duration of 13 months
* check_ssl_cert (main): read options from a configuration file
2022-09-20 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): checking the maximum validity only for files or HTTPS
* check_ssl_cert (check_attr): added --maximum-validity to force the maximum validity check
2022-09-19 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): checking the maximum certificate validity
2022-09-15 Matteo Corti <[email protected]>
* test/unit_tests.sh: removed stray \ from regexes
* check_ssl_cert: removed stray \ from regexes
2022-09-13 Matteo Corti <[email protected]>
* check_ssl_cert: added --grep-bin to specify the grep binary to be used
2022-09-11 Matteo Corti <[email protected]>
* check_ssl_cert (usage): default port in the help text
2022-09-09 Matteo Corti <[email protected]>
* check_ssl_cert (check_security_header): added --debug-headers to store the HTTP headers in the headers.txt file
2022-09-08 Matteo Corti <[email protected]>
* check_ssl_cert (main): curl ignores TLS problems while retrieving headers
* check_ssl_cert (main): curl uses --resolve if specified when retrieving HTTP headers
2022-09-07 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): added an optional path for the X-Frame-Options header retrieval
2022-09-06 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added --require-x-frame-options to check for the X-Frame-Options header
* check_ssl_cert (main): Disallowing --require-hsts and --require-x-frame-options if no HTTPS is used
* check_ssl_cert (extract_cert_attribute): Fixed a bug when parsing certificates without purpose
2022-09-02 Matteo Corti <[email protected]>
* Makefile (CITATION.cff): rebuild if a new version was specified
* check_ssl_cert (main): disabling nmap checks if a proxy is specified
2022-09-01 Matteo Corti <[email protected]>
* check_ssl_cert (main): follow redirects when checking HSTS
* check_ssl_cert (main): Add verbose message for HSTS
2022-08-31 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): parsing 'excessive message size' errors
2022-08-25 Matteo Corti <[email protected]>
* check_ssl_cert (extract_cert_attribute): Parse UTF-8 attributes (e.g., Location, ...)
2022-08-24 Matteo Corti <[email protected]>
* check_ssl_cert (main): nmap is now always required
* check_ssl_cert (main): new formatting option %SIGALGO%
* check_ssl_cert (main): new command line argument --default-format
* check_ssl_cert (extract_cert_attribute): fixed the parsing of the signature algorithm
2022-08-23 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed the handling of --ignore-connection-state
2022-08-17 Matteo Corti <[email protected]>
* check_ssl_cert (main): Check for HSTS
2022-07-26 Matteo Corti <[email protected]>
* check_ssl_cert (usage): New option --user-agent to specify the user agent used by curl and by OpenSSL for HTTPS connections
2022-07-22 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): Better error output by timeouts
2022-07-15 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): Fetching 'no route to host' errors
2022-07-06 Matteo Corti <[email protected]>
* check_ssl_cert (main): if x509 -ext is not supported no info on the cert purpose is extracted
2022-07-04 Matteo Corti <[email protected]>
* check_ssl_cert (main): Add shell version to the debug info
2022-07-01 Matteo Corti <[email protected]>
* check_ssl_cert (main): DNSSEC checks
2022-06-29 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): some more informational output
2022-06-21 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): Better error message if the certificate file is not readable
2022-06-17 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added checks for the certificate purpose
2022-06-15 Matteo Corti <[email protected]>
* test/unit_tests.sh (setUp): test completion time estimation
2022-06-14 Matteo Corti <[email protected]>
* test/unit_tests.sh (setUp): printing the test number
* check_ssl_cert (main): fixed a problem with the caching of IPv6 hosts
2022-06-11 Matteo Corti <[email protected]>
* check_ssl_cert: fixed a problem with Prometheus output
2022-06-03 Matteo Corti <[email protected]>
* check_ssl_cert (main): X.509 version printed with --info
2022-06-01 Matteo Corti <[email protected]>
* check_ssl_cert (check_cert_end_date): Applied patch for the missing quotes to the prometheus output
2022-05-27 Matteo Corti <[email protected]>
* test/unit_tests.sh: Added the possibility to set the debug mode for all the tests
2022-05-26 Matteo Corti <[email protected]>
* check_ssl_cert (main): added default ports for XMPP
2022-05-25 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): Support for DTLS
* check_ssl_cert (parse_command_line_options): Check if two protocols are specified at the same time
2022-05-10 Matteo Corti <[email protected]>
* check_ssl_cert.completion (_check_ssl_cert): added the missing --check-ssl-labs option
2022-05-05 Matteo Corti <[email protected]>
* check_ssl_cert (main): using nmap instead of netcat
2022-05-04 Matteo Corti <[email protected]>
* check_ssl_cert (main): Using netcat to check connections
2022-04-28 Matteo Corti <[email protected]>
* check_ssl_cert (main): Using --script +ssl-enum-ciphers for older versions of nmap
2022-04-26 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): Updating the timeout when using the timeout option of 'ocsp'
2022-04-25 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): Better error message in case of OCSP problems
2022-04-13 Matteo Corti <[email protected]>
* check_ssl_cert (main): Allows to run with the --init-host-cache option only
* check_ssl_cert.completion (_check_ssl_cert): check if the host cache exists
* check_ssl_cert (main): Added a cache for checked hosts (to be used with bash completion)
* check_ssl_cert (usage): Fixed the capitalization of the help messages
* check_ssl_cert (usage): Usage errors should trigger an unknown status
2022-04-06 Matteo Corti <[email protected]>
* test/unit_tests.sh (testIPv6): Corrected the IPv6 tests
* check_ssl_cert (check_attr): Timeout support for SSL Labs
* check_ssl_cert (check_attr): Adding a missing -6 option (if specified) to nmap
2022-03-22 Matteo Corti <[email protected]>
* check_ssl_cert (main): fixes debugging output on STDERR
2022-03-21 Matteo Corti <[email protected]>
* check_ssl_cert (main): added missing proxy options for curl and s_client
2022-03-15 Matteo Corti <[email protected]>
* check_ssl_cert: status UNKNOWN only for plugin-internal problems (see https://nagios-plugins.org/doc/guidelines.html#AEN78)
2022-03-14 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): Add the protocol (if defined) to the critical message
2022-03-11 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Display all the unmatched common names
2022-02-28 Peter Newman (https://github.com/peternewman)
* check_ssl_cert (fetch_certificate): Allow pkcs12 extension for PKCS #12 files
2022-02-22 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): display the protocol in the output
2022-02-18 Matteo Corti <[email protected]>
* check_ssl_cert.completion (_check_ssl_cert): host completion
2022-02-17 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): write the host and the port in the output
* check_ssl_cert (usage): list of possible variables for the --format option
2022-02-03 Matteo Corti <[email protected]>
* check_ssl_cert.completion (_check_ssl_cert): first version of completion
2022-02-01 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): adding the reason of the timeout to the error message
* check_ssl_cert (main): do not set the default timeout if ${TIMEOUT} is already set
2022-01-13 Matteo Corti <[email protected]>
* check_ssl_cert (check_integer): Added input validation for integers and floats
* check_ssl_cert (main): If --file is an URI fetch it with curl
2022-01-12 Matteo Corti <[email protected]>
* check_ssl_cert: enable floating point computations
2022-01-10 Matteo Corti <[email protected]>
* .github/workflows/test.yml (jobs): Removed Ubuntu 20.10
* Makefile (dist): Disable extended attributes support with bsdtar
2021-12-21 Matteo Corti <[email protected]>
* Converted several documents to Markdown
2021-12-20 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Fixed a problem with self signed certificates
* check_ssl_cert (main): Better --info output by missing fields
2021-12-16 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): Remove the trailing . from FQDNs
2021-12-15 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): check if the used protocol was HTTP/2 (if requested)
2021-12-10 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): using NMAP_BIN instead of nmap
* check_ssl_cert (main): fixed a bug causing an unnecessary scan when checking for disallowed protocols
* check_ssl_cert (main): (main): SSL 2.0 and SSL 3.0 disabled by --all and --all-local
2021-12-08 Matteo Corti <[email protected]>
* Fixed several spelling mistakes
2021-12-05 Bernd Stroessenreuther <[email protected]>
* check_ssl_cert: improve readability of --help by wrapping some very long lines
2021-12-03 Matteo Corti <corti@ubuntu-2110>
* check_ssl_cert (main): IPv6 checks fixed if ipconfig is not available
2021-11-26 Matteo Corti <[email protected]>
* check_ssl_cert (info): --info to print certificate information
2021-11-24 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Fixed a bug in the processing of error messages
* check_ssl_cert (main): Handle root certificates in DER format
* check_ssl_cert (check_attr): Fixed the nmap cipher check for hosts which are not discoverable
2021-11-12 Matteo Corti <[email protected]>
* check_ssl_cert (main): Skipping the manual renegotiation test with OpenSSL > 3.0.0
2021-11-11 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a problem with newlines in variable on some systems (e.g., Fedora)
* check_ssl_cert (fetch_certificate): Fixed a problem with OpenSSL 3.0.0 and debug mode with certain servers
2021-11-11 Matteo Corti <[email protected]>
* check_ssl_cert (main): Better extraction of the certificate issuers
2021-11-09 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): Parsing of OpenSSL 3 messages
* check_ssl_cert (fetch_certificate): Ignoring legacy renegotiation if --ignore-tls-renegotiation was specified
2021-10-25 Matteo Corti <[email protected]>
* check_ssl_cert (debuglog): Better formatting of the elapsed time in the log output
2021-10-22 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Fixed the organization check
* check_ssl_cert (main): Check if -sigalgs is available
* check_ssl_cert (check_attr): check if nmap delivers cipher strengths
2021-10-21 Matteo Corti <[email protected]>
* test/unit_tests.sh (testRSA): Added a test for RSA ciphers
* check_ssl_cert (main): Fixes --rsa on systems not supporting PSS
* check_ssl_cert (create_temporary_file): Uses mktemp if available (the workaround is only used if not available for speed reasons)
2021-10-15 Matteo Corti <[email protected]>
* check_ssl_cert (create_temporary_file): AIX compatible temporary file creation
2021-10-12 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): using OpenSSL verify to verify a local chain
2021-10-11 Matteo Corti <[email protected]>
* check_ssl_cert (main): Checks the certificate chain
2021-10-08 Matteo Corti <[email protected]>
* test/unit_tests.sh (testSubdomainWithUnderscore): does not test with older OpenSSL versions not supporting _
* check_ssl_cert (fetch_certificate): Fixed a typo
2021-10-06 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): better handling of HTML pages instead of certificates
* check_ssl_cert (parse_command_line_options): a URL can be given as host (scheme and path will be stripped)
* check_ssl_cert (check_attr): accepts certificates without subject alternative names
2021-10-05 Matteo Corti <[email protected]>
* check_ssl_cert (debuglog): added an option (--debug-time) to print the elapsed time in the debugging output
2021-10-01 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): --skip-element now skips a single element and can be specified multiple times
2021-09-29 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added an option to set a custom state by connection failures
2021-09-27 Matteo Corti <[email protected]>
* check_ssl_cert (hours_until): supporting certificate expiration after 2038-01-19 on 32 bit systems
* check_ssl_cert (main): adds a check for acceptable client certificate CAs
* test/unit_tests.sh: added a routine to create a self-signed certificate expiring in a given number of days
* test/unit_tests.sh: added a test for a certificate expiring between 0.5 and 1.5 days
2021-09-25 Bernd Stroessenreuther <[email protected]>
* test/unit_tests.sh: adding tests for using floating point numbers in thresholds
2021-09-24 Bernd Stroessenreuther <[email protected]>
* check_ssl_cert: --warning and --critical now also accept floating point numbers
2021-09-24 Matteo Corti <corti@precise>
* test/unit_tests.sh (oneTimeSetup): defining TMPDIR if not defined
2021-09-24 Bernd Stroessenreuther <[email protected]>
* test/unit_tests.sh: adding a test for checking a local CRL file
2021-09-22 Matteo Corti <[email protected]>
* Makefile (dist): make dist does not check the format (just builds the distribution)
2021-09-21 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): converts local CRLs from DER to PEM
* check_ssl_cert (main): does not check renegotiation when checking files
2021-09-17 Bernd Stroessenreuther <[email protected]>
* test/unit_tests.sh: fixing error with endless ping if IPv6 enabled
2021-09-17 Bernd Stroessenreuther <[email protected]>
* check_ssl_cert: fixing error with SCT when checking a CRL file
2021-09-17 Matteo Corti <[email protected]>
* test/unit_tests.sh (testPrometheus): added test for --prometheus
* check_ssl_cert: Adding output for Prometheus
2021-09-16 Matteo Corti <[email protected]>
* check_ssl_cert (critical): Applied a patch to fix the output of multiple errors
* check_ssl_cert (main): Automatically assume localhost if --file is specified
2021-09-15 Matteo Corti <[email protected]>
* check_ssl_cert (usage): Added an option to ignore OCSP server errors
* check_ssl_cert (check_ocsp): Fixed the detection of an internal error
2021-09-02 Matteo Corti <[email protected]>
* check_ssl_cert (hours_until): computes the date with dconv if date -f is missing
2021-09-01 Matteo Corti <[email protected]>
* check_ssl_cert (main): detects old BSD date without -f
2021-08-31 Matteo Corti <[email protected]>
* check_ssl_cert (main): added -crlf to the connection for the renegotiation test
2021-08-27 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): skipping the CN check on IP addresses
2021-08-26 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): small improvement in the verbose output of SSL Labs
2021-08-25 Matteo Corti <[email protected]>
* README.md: Info about quoting *
2021-08-19 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): do not delete COMMON_NAME by --file
2021-08-18 Matteo Corti <[email protected]>
* check_ssl_cert (parse_command_line_options): Fixed the debugging output by the command line arguments splitting
2021-08-16 Matteo Corti <[email protected]>
* check_ssl_cert (main): Support DANE TLSA 312
2021-08-13 Matteo Corti <[email protected]>
* test/unit_tests.sh (testMultipleAltNamesOK): Added a test for multiple --cn and OK status
* check_ssl_cert (parse_command_line_options): Fixed the -n option (the old value was overwritten each time)
* check_ssl_cert (main): Better validation of the host command line argument
2021-07-09 Matteo Corti <[email protected]>
* check_ssl_cert: performance data is no more shown by critical and warning message when --no-perf is specified
2021-06-22 Matteo Corti <[email protected]>
* check_ssl_cert: removes the file name from file(1) output
2021-06-18 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): stop the SSL Labs checks after an error
2021-06-16 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): show the progress in % by SSL labs
* check_ssl_cert (check_attr): removing unnecessary port probing with nmap
2021-05-31 Matteo Corti <[email protected]>
* check_ssl_cert (check_cert_end_date): Display since how many days the certificate was valid
2021-05-28 Igor Mironov <[email protected]>
* check_ssl_cert: compatibility fixes for LibreSSL 2.8.3 on macOS Catalina
2021-05-21 Matteo Corti <[email protected]>
* check_ssl_cert: added the --debug-file option
* check_ssl_cert(check_ocsp): append .crt to the debug certificates
* check_ssl_cert: sanity checks for file write operations
2021-05-07 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): Do not store the debugging copy of the certificate in the $TMPDIR
2021-05-06 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed an error in the parameter validation
2021-05-05 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): do not wait if SSL Labs is giving an error
2021-04-30 Matteo Corti <[email protected]>
* Makefile: avoid putting extended attribute files in the archives
2021-04-29 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Do not remove parenthesis from URI
2021-04-29 Claus-Theodor Riegg (https://github.com/ctriegg-mak)
* check_ssl_cert: match underscores in subdomains when matching name to wildcard certs
2021-04-28 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): adds and option to remove performance data
2021-04-23 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): Better handling of timeouts
2021-04-12 Matteo Corti <[email protected]>
* check_ssl_cert (critical): Fixed the output when the CN is not available
2021-04-07 Matteo Corti <[email protected]>
* check_ssl_cert (main): adding -starttls to the renegotiation check if needed
2021-04-01 Matteo Corti <[email protected]>
* check_ssl_cert: The host name must now always match with the certificate
* check_ssl_cert: (fetch_certificate): Fixed the errors messages (and added a new one for missing STARTTLS)
2021-03-31 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added the --resolve option
2021-03-29 Matteo Corti <[email protected]>
* check_ssl_cert: All the verbose messages are not beginning with a lowercase letter
* check_ssl_cert: Added the possibility to have different verbose and debug levels
* check_ssl_cert: Cleaner verbose output
* check_ssl_cert: Short options can now be grouped
2021-03-25 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): Better error handling in case a TLS connection is not possible
2021-03-22 Matteo Corti <[email protected]>
* check_ssl_cert (usage): adds a --all option to allow all the optional checks at the maximum level
2021-03-22 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): detecting a timeout on the OpenSSL level
2021-03-15 Matteo Corti <[email protected]>
* check_ssl_cert (openssl_version): works on systems which add a string to the OpenSSL version output (+ several fixes)
2021-03-14 Matteo Corti <[email protected]>
* check_ssl_cert (openssl_version): added a function to compare OpenSSL versions. Getting rid of the man dependency
2021-03-12 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): fixing timeout on systems using 'timeout'
2021-03-12 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): reducing the total timeout by each execution
* check_ssl_cert (check_attr): check ciphers with nmap
* check_ssl_cert (check_ocsp): looping over all the supplied URIs
2021-03-11 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Setting GZIP to quiet (-q) before using man
2021-03-10 Matteo Corti <[email protected]>
* check_ssl_cert (main): Improved renegotiation testing
* check_ssl_cert (fetch_certificate): Added --password to specify a password source for PCKS12 certificates
2021-03-09 Matteo Corti <[email protected]>
* check_ssl_cert (main): Added missing processing of the --inetproto option
* check_ssl_cert (main): Added a sanity check for the protocol support of s_client
* check_ssl_cert (check_ocsp): skipping empty certificates
* check_ssl_cert (fetch_certificate): supporting local files in PKCS #12 and DER formats
* check_ssl_cert (main): Using grep -F when possible
2021-02-28 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Do not check SCTs if the certificate is self signed
2021-02-25 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): fixed the SCT check
2021-02-24 Matteo Corti <[email protected]>
* check_ssl_cert (main): Check for TLS renegotiation
2021-02-19 Matteo Corti <[email protected]>
* check_ssl_cert (main): Do not reset $OPENSSL so that a different
OpenSSL version can be specified with the environment variable
2021-02-17 Robin Pronk <[email protected]>
* check_ssl_cert: Make HTTP request URL configurable (default stays /)
2021-02-05 Matteo Corti <[email protected]>
* check_ssl_cert (main): Adds a check for grep (to check if basic utilities are in the PATH)
2021-01-28 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Checks for signed certificate timestamps (SCTs)
* check_ssl_cert (fetch_certificate): Better error catching for s_client errors
2021-01-26 Matteo Corti <[email protected]>
* check_ssl_cert (hours_until): Warning about BusyBox date dropping the time zone
2021-01-26 Matteo Corti <[email protected]>
* check_ssl_cert: added --date to specify the date binary
* check_ssl_cert (hours_until): support for BusyBox date
2021-01-25 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): Better handling of wait and kill output
2021-01-18 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): Execute timeout in the background so that it can handle signals
* check_ssl_cert (fetch_certificate): Better error message for DH with a too small key and handshake failure
* check_ssl_cert (check_crl): Checks revocation via CRL
2021-01-15 Matteo Corti <[email protected]>
* check_ssl_cert (check_ocsp): OCSP check on all the chain elements
2021-01-14 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): retries when SSL Labs is running at full capacity
2020-12-23 Matteo Corti <[email protected]>
* check_ssl_cert (main): - instead of _ to separate words in the command line options
2020-12-22 Matteo Corti <[email protected]>
* check_ssl_cert (main): added the --no-proxy option
2020-12-21 Matteo Corti <[email protected]>
* check_ssl_cert (main): added a sanity check for the -f option
* check_ssl_cert (main): better handling of certificates without CN
2020-12-16 Matteo Corti <[email protected]>
* check_ssl_cert (main): fixed the regex for the proxy cleanup for s_client
2020-12-15 Matteo Corti <[email protected]>
* check_ssl_cert (require_s_client_option): Checks if s_client supports the -no_ssl[23] options
* check_ssl_cert (main): Better filtering of the nmap output
2020-12-11 Matteo Corti <[email protected]>
* check_ssl_cert: Corrected the handling of the issuer URI
2020-12-01 Matteo Corti <[email protected]>
* check_ssl_cert: Correct handling of -proxy by s_client and --proxy by curl
2020-11-30 Matteo Corti <[email protected]>
* check_ssl_cert (create_temporary_file): bug fix: temp directory not used
* check_ssl_cert: patch for the --element option
* check_ssl_cert: bug fix: force -4 or -6 with curl when specified
2020-08-07 Matteo Corti <[email protected]>
* check_ssl_cert: Fixed a bug with the output of --version
2020-07-24 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): Fixed a bug in the output with --not-issued-by
2020-07-02 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): MySQL support
2020-07-01 Matteo Corti <[email protected]>
* check_ssl_cert: Adding support for better file(1) certificate parsing
2020-06-12 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a problem on BSD in the processing of the issuers
* check_ssl_cert (debuglog): [DBG] prefix for all the lines
2020-06-09 Matteo Corti <[email protected]>
* check_ssl_cert: fixed a bug in the output (expiration date of chain elements)
2020-06-05 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): support for s_client -proxy option
2020-06-04 Matteo Corti <[email protected]>
* check_ssl_cert: Processes all the certificates in the chain
* check_ssl_cert: New option to check that the issuer does not match a given pattern
2020-05-18 Matteo Corti <[email protected]>
* check_ssl_cert: Propagates the -6 switch to nmap
2020-03-26 Matteo Corti <[email protected]>
* check_ssl_cert (main): show command line arguments in debug mode
2020-03-09 Matteo Corti <[email protected]>
* check_ssl_cert (check_attr): new option (--not-valid-longer-than) to check if a certificate is valid longer than the specified number of days
2020-02-17 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): added support for xmpp-server in the STARTTLS negotiation
2020-01-07 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): option to force HTTP/2
2019-12-23 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): better error message in case of connection refused
2019-12-20 Matteo Corti <[email protected]>
* check_ssl_cert: better error message in case of an invalid host
2019-11-04 Matteo Corti <[email protected]>
* check_ssl_cert (fetch_certificate): fixed a bug in the SMTP connection (using s_client -name)
* check_ssl_cert (main): -name only used with OpenSSL versions which supports it
2019-10-31 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): the return value of the command is no more ignored from expect
2019-10-29 Matteo Corti <[email protected]>
* check_ssl_cert: Merged a patch fixing a copy and paste error with sieve
2019-10-28 Matteo Corti <[email protected]>
* check_ssl_cert (exec_with_timeout): Better handling of timeout return codes
2019-10-28 Matteo Corti <[email protected]>
* check_ssl_cert (main): Better error message for non matching DANE records
* check_ssl_cert (main): Default ports for other protocols
2019-10-25 Matteo Corti <[email protected]>
* check_ssl_cert (check_required_prog): fixed a couple of small issues and introduced a feature to specify the dig binary
2019-10-22 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a bug printing both a critical and a warning message when both condition match
2019-10-18 Matteo Corti <[email protected]>
* check_ssl_cert (main): Fixed a bug ignoring --dane without parameters